- GDPR is a global standard and factor of convergence in international protection of personal data.
- Strong and effective enforcement of the GDPR vis-à-vis large digital platforms, integrated companies and other digital services is necessary.
- Supervisory authorities should have sufficient resources at their disposal
Implementing and effectively enforcing the General Data Protection Regulation is key, say MEPs, but this can only be done if supervisory authorities are provided with sufficient funding.
In the resolution adopted today with 483 votes to 96 and 108 abstentions, MEPs say that, so far, the General Data Protection Regulation (GDPR) has been an overall success and should not be reviewed.
An important tool for EU digital diplomacy
Europe’s dominance in this field internationally would help the EU to better defend citizens’ rights, promote trustworthy digital innovation and accelerate economic growth, say MEPs.
The supervisory authorities and enforcement
MEPs are concerned that many supervisory authorities across the EU lack sufficient human, technical and financial resources to perform their tasks. They have to deal with an increasing number of resource-intensive and complex cases, and to coordinate and facilitate cooperation between the national data protection authorities (DPAs).
MEPs expressed concerns that national DPAs are enforcing the GDPR unevenly or not at all, resulting in the burden of enforcement falling on individual citizens. In particular, they call on the Irish and Luxembourg DPAs to speed up their ongoing investigations into major cases.
Facilitate implementation for SMEs, schools and clubs
As the application of the GDPR has been particularly challenging for small and medium-sized enterprises (SMEs) and some other organisations, MEPs wish to see more information and training being made available to help them implement the regulation more effectively.
Freedom of expression and information
MEPs are also concerned that some national public authorities are misusing the GDPR in order to curtail journalists and NGOs. They underscore that data protection rules should not be used as a way to put pressure on journalists to disclose their sources.
GDPR in public health policies
As pointed out by the MEPs, the COVID-19 pandemic has also highlighted that clear guidance from the DPAs and the European Data Protection Board (EDPB) is necessary on how to implement the GDPR appropriately in public health policies.